KLA11557
Multiple vulnerabilities in Microsoft Browsers
Обновлено: 13/09/2019
Дата обнаружения
10/09/2019
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code;
  2. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely via specially crafted content to obtain sensitive information;
  3. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code;
  4. A security feature bypass vulnerability in Microsoft Browser can be exploited remotely via specially crafted to bypass security restrictions;
  5. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
Пораженные продукты

ChakraCore
Microsoft Edge (EdgeHTML-based)
Internet Explorer 11
Internet Explorer 9
Internet Explorer 10

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2019-1300
CVE-2019-1299
CVE-2019-1138
CVE-2019-1237
CVE-2019-1217
CVE-2019-1221
CVE-2019-1220
CVE-2019-1236
CVE-2019-1208
CVE-2019-1298
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
CVE-2019-11384.2Warning
CVE-2019-12984.2Warning
CVE-2019-12374.2Warning
CVE-2019-13004.2Warning
CVE-2019-12174.2Warning
CVE-2019-12994.3Warning
CVE-2019-12217.5Critical
CVE-2019-12204.3Warning
CVE-2019-12367.5Critical
CVE-2019-12087.5Critical
KB list

4516066
4516068
4516065
4515384
4516044
4516026
4512578
4516058
4516067
4516055
4516070
4516046

Microsoft official advisories
Microsoft Security Update Guide